-
Notifications
You must be signed in to change notification settings - Fork 224
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Expose stable syscall interface via DeviceIoControl #3700
Comments
Feedback from last week's triage call:
I've been experimenting with building an API for the DeviceIoControl (aka Native Image) path in Go. The results are promising, but there are some small snags I've hit so far.
|
I think there are two unavoidable requirements to make this work:
How do we achieve this without freezing the API forever? One approach is to say that we carry all that burden on the library side. For
I mention his approach more as a strawman, because I don't think it is feasible. We could adopt an approach which is similar to the Linux syscall layer. This means DeviceIoControl request and response modelWe pass a variable length buffer to the driver via DeviceIoControl, which replies
Each request and reply starts with the same header, which contains an operation The typedef struct _ebpf_operation_create_map_request
{
struct _ebpf_operation_header header;
ebpf_map_definition_in_memory_t ebpf_map_definition;
ebpf_handle_t inner_map_handle;
uint8_t data[1];
} ebpf_operation_create_map_request_t; The Adding a field after ProposalTo allow extending the fixed fields of a request we need to encode the length
On the driver side we now know whether user space provided us with the new field It doesn't help with the inverse case though. A new version of the library may
The Linux bpf() syscall solves this by accepting a larger request buffer than Windows doesn't seem suffer from this exact same problem (zero is an invalid handle) but there might be other fields where it applies. In any case, if (request_len >= offsetofend(request, b)) {
// use request->b
} TestingHow can we make sure that modifications to the API really are backwards compatible?
On the eBPF for Windows side we can investigate adding static_assert to encode @shankarseal can you please remove the triage label and maybe float this amongst your colleagues for Monday's meeting? |
Closing in favour of #3729. This proposal might still make sense in the future if the other approach doesn't have the performance we need. |
Describe the feature you'd like supported
As I understand, the stable API boundary for this project is currently a (1) libbpf compatible API and a (2) bpf() compat layer built on top of (1). Both of these are implemented in a .dll which calls out to the kernel component via DeviceIoControl.
I maintain github.com/cilium/ebpf, which is a popular Go library for interacting with Linux's eBPF subsystem. It would be great if we could offer Windows support in some fashion as well. Early on we made the decision that the library can not rely on CGo: software that relies on it is notoriously hard to build / package. CGo also has a noticeable performance impact, although this has gotten better over time. This means that on Linux we do not call into libbpf, and instead directly perform
bpf
syscalls. This works because the syscall interface on Linux is considered a stable API which mustn't be broken.To be able to add Windows support under the same constraints we need to be able to perform direct syscalls on Windows, which in turn would require the project to commit to keeping the kernel to user space API stable. Therefore I proposed to make DeviceIoControl calls a stable / supported API to interact with eBPF on Windows.
Proposed solution
Additional context
No response
The text was updated successfully, but these errors were encountered: